Lucene search

K

GoogleOSV:BIT-PYTHON-2021-4189

HistoryMar 06, 2024 - 11:05 a.m.

BIT-python-2021-4189

2024-03-0611:05:50

Google

osv.dev

18

python

ftp client

flaw

pasv mode

malicious server

vulnerability

port scanning

6.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.4%

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.

CPENameOperatorVersion
pythonlt3.7.11
pythonge3.8.0
pythonge3.10.0
pythonle3.10.0
pythonlt3.6.14
pythonlt3.9.3
pythonlt3.8.9
pythonge3.9.0
pythonge3.6.0
pythonge3.7.0

References

access.redhat.com/security/cve/CVE-2021-4189

bugs.python.org/issue43285

bugzilla.redhat.com/show_bug.cgi?id=2036020

github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e

lists.debian.org/debian-lts-announce/2023/05/msg00024.html

lists.debian.org/debian-lts-announce/2023/06/msg00039.html

python-security.readthedocs.io/vuln/ftplib-pasv.html

security-tracker.debian.org/tracker/CVE-2021-4189

security.netapp.com/advisory/ntap-20221104-0004/

6.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.4%

Related for OSV:BIT-PYTHON-2021-4189

cvelist1 openvas29 prion1 osv6 ibm7 ubuntucve1 nessus34 veracode1 redhatcve1 cve1 debiancve1 oraclelinux2 fedora2 redos1 ubuntu2 redhat24 almalinux2 mageia1 photon2 cloudfoundry1 rocky1 amazon2 hp1 ics1 avleonov1